# Step 6 Audit Round 1 (P0/P1)

## Coverage

- Reviewed high-risk auth/session/network/watch files:
  - `iphone/Werkout_ios/UserStore.swift`
  - `iphone/Werkout_ios/Network/Network.swift`
  - `iphone/Werkout_ios/BridgeModule+Watch.swift`
  - `iphone/Werkout_watch Watch App/WatchMainViewModel.swift`
  - `iphone/Werkout_watch Watch App/WatchMainViewModel+WCSessionDelegate.swift`
  - `iphone/Werkout_ios/HealthKitHelper.swift`
  - `iphone/Werkout_ios/CurrentWorkoutInfo.swift`
- Ran:
  - `./scripts/smoke/smoke_all.sh`
- Added/ran regression tests in `SharedCore` for token lifecycle and watch payload validation.

## Findings And Fixes

1. `P1` Watch command loss during activation
   - Evidence: `iphone/Werkout_watch Watch App/WatchMainViewModel+WCSessionDelegate.swift:40`
   - Problem: payloads were dropped when `WCSession` was not activated.
   - Fix: added bounded queue (`maxQueuedPayloads`), enqueue on inactive session, flush on activation.

2. `P1` Silent/unsafe watch payload decode failures
   - Evidence: `iphone/Werkout_ios/BridgeModule+Watch.swift:73`
   - Evidence: `iphone/Werkout_watch Watch App/WatchMainViewModel.swift:74`
   - Problem: `try?` decode silently ignored malformed payloads.
   - Fix: added shared `WatchPayloadValidation` with size checks and structured decode failures; both decode paths now reject+log bad payloads.

3. `P1` Auth token normalization gap for prefixed tokens
   - Evidence: `SharedCore/Sources/SharedCore/TokenSecurity.swift:24`
   - Problem: `"Token ..."` / `"Bearer ..."` values were not normalized.
   - Fix: normalize known auth prefixes and reject bare prefix-only strings.

4. `P1` Network reliability/threading risk
   - Evidence: `iphone/Werkout_ios/Network/Network.swift:12`
   - Problem: infinite request timeouts and completion handlers returning on background threads.
   - Fix: finite timeout (`30s`) and centralized main-thread completion delivery.

5. `P1` HealthKit helper shared mutable-state race
   - Evidence: `iphone/Werkout_ios/HealthKitHelper.swift:20`
   - Problem: mutable cross-request state (`completion`, counters, shared result object) could race and mis-route results.
   - Fix: per-request aggregation via `DispatchGroup`, single UUID query (`limit: 1`), thread-safe aggregation queue, structured runtime logging.

6. `P2` Workout order inconsistency across helpers
   - Evidence: `iphone/Werkout_ios/CurrentWorkoutInfo.swift:24`
   - Problem: some paths used unsorted `workout.supersets` while others used sorted supersets.
   - Fix: unified core navigation/lookup paths on sorted `superset` accessor and corrected bounds check.

## Validation

- Smoke suite passed after fixes:
  - token scan
  - SharedCore tests (including new regression tests)
  - iOS/watchOS/tvOS builds